File tree Expand file tree Collapse file tree 2 files changed +5
-4
lines changed Expand file tree Collapse file tree 2 files changed +5
-4
lines changed Original file line number Diff line number Diff line change @@ -225,7 +225,7 @@ jobs:
225225 id-token : write
226226 pull-requests : write
227227 steps :
228- # ref.: https://github.com/sigstore/cosign-installer, v2.2.0
228+ # ref.: https://github.com/sigstore/cosign-installer, v3.0.1
229229 - name : Install cosign
230230 uses : sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65
231231 with :
@@ -298,7 +298,7 @@ jobs:
298298 COSIGN_PASSWORD : ${{ secrets.COSIGN_PASSWORD }}
299299 run : |
300300 echo "$KEY" > ../cosign.key
301- for FILE in *; do FILE_NAME=$(basename $FILE); cosign sign-blob --key=../cosign.key --output-signature=./${FILE_NAME}.sig ./$FILE_NAME; done
301+ for FILE in *; do FILE_NAME=$(basename $FILE); cosign sign-blob --key=../cosign.key --output-signature=./${FILE_NAME}.sig ./$FILE_NAME --yes ; done
302302 rm -fv ../cosign.key
303303# ref: https://github.com/softprops/action-gh-release, v0.1.14
304304 # Release on merge only (push action) - this should run only once
Original file line number Diff line number Diff line change 2727# download desired files and the corresponding .sig file from: https://github.com/KiraCore/tools/releases
2828
2929# verify signature of downloaded files
30+ # NOTE: You might need insecure-ignore-tlog and/or insecure-ignore-sct if you verify old signatures from before v2.0.0
3031cosign verify-blob --key=./cosign.pub --signature=./< file> .sig ./< file> --insecure-ignore-tlog --insecure-ignore-sct
3132```
3233
@@ -50,10 +51,10 @@ A simple and secure bip39 words generator that is able to mix computer and human
5051
5152``` bash
5253# once BU is installed, you can easily and securely install all tools for a relevant architecture and platform
53- # one line install
54+ # one line install with verification of IPFS CID referencing a public key used to sign the release
5455TOOLS_VERSION=" v0.3.36" && TOOL_NAME=" bip39gen" && cd /tmp && \
5556 bu safeWget ./${TOOL_NAME} .deb " https://github.com/KiraCore/tools/releases/download/$TOOLS_VERSION /${TOOL_NAME} -$( getPlatform) $( getArch) "
56- " $KIRA_COSIGN_PUB " && rm -rfv ./$TOOL_NAME && dpkg-deb -x ./${TOOL_NAME} .deb ./$TOOL_NAME && \
57+ " QmeqFDLGfwoWgCy2ZEFXerVC5XW8c5xgRyhK5bLArBr2ue " && rm -rfv ./$TOOL_NAME && dpkg-deb -x ./${TOOL_NAME} .deb ./$TOOL_NAME && \
5758 cp -fv ./$TOOL_NAME /bin/$TOOL_NAME /usr/local/bin/$TOOL_NAME && chmod +x " /usr/local/bin/$TOOL_NAME " && \
5859 rm -rfv ./$TOOL_NAME ./${TOOL_NAME} .deb
5960
You can’t perform that action at this time.
0 commit comments